[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127
- From: Joe Stewart <jstewart@xxxxxxxxx>
- Date: Fri, 23 Apr 2004 07:25:31 -0500
On Friday 23 April 2004 5:27 am, Tomokazu Suzuki wrote:
> Joe Stewart wrote:
> > Scans port 135 for MS03-039 "DCOM2" vulnerability
> > Scans port 139 for MS03-049 Workstation vulnerability
> > Scans port 1433 for weak MSSQL administrator passwords
> > Scans port 2082 for CPanel vulnerability (OSVDB ID: 4205)
> > Scans port 2745 for backdoor left by the Bagle Virus
> > Scans port 3127 for MyDoom.A backdoor
> > Scans port 5000 for MS01-059 UPnP vulnerability
> > Scans port 6129 for Dameware vulnerability (OSVDB ID: 3042)
> > Scans port 80 for MS03-007 WebDav vulnerability
> > Scans ports 135, 445 and 1025 for MS03-032 vulnerability
> > Scans ports 139 and 445 for weak Netbios passwords
>
> Could it exploit MS03-032 vulnerability via 135, 445 and 1025 ?
> The vulnerability exists in IE.
Apologies, that should have read MS03-026, the DCOM vulnerability used
by Blaster.
-Joe
--
Joe Stewart, GCIH
Senior Security Researcher
LURHQ http://www.lurhq.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html